CVE-2016-0763
Published: 24 February 2016
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
From the Ubuntu Security Team
It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or wite to arbitrary application data, or cause a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
tomcat6 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
precise |
Released
(6.0.35-1ubuntu3.7)
|
|
trusty |
Released
(6.0.39-1ubuntu0.1)
|
|
upstream |
Released
(6.0.45)
|
|
wily |
Ignored
(reached end-of-life)
|
|
xenial |
Released
(6.0.45+dfsg-1)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1726003 |
||
tomcat7 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7.0.68-1)
|
bionic |
Not vulnerable
(7.0.68-1)
|
|
precise |
Does not exist
(precise was needed)
|
|
trusty |
Released
(7.0.52-1ubuntu0.6)
|
|
upstream |
Released
(7.0.68-1)
|
|
wily |
Released
(7.0.64-1ubuntu0.3)
|
|
xenial |
Not vulnerable
(7.0.68-1)
|
|
yakkety |
Not vulnerable
(7.0.68-1)
|
|
zesty |
Not vulnerable
(7.0.68-1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1725931 |
||
tomcat8 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(8.0.32-1ubuntu1)
|
bionic |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(8.0.32-1)
|
|
wily |
Ignored
(reached end-of-life)
|
|
xenial |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
yakkety |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
zesty |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1725929 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |